Internal certification authority

The internal certification authority is a FormFlow module that manages the issuing and revoking of certificates for FormFlow users. Before a certificate can be issued, the user must have their e-mail address entered and enabled in their account settings.

Access certificate installation

Visit the Internal certification authority screen (ADMINISTRATION > Application settings > Internal CA of Software602) and go to the tab Internal CA of Software602 to enter the license access certificate as a PEM file. A PEM file is a certificate file with a private key. You can convert a PFX file to PEM format by running the following command:

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes -des3

You need to upload the public part of the certificate to the 602ID portal (https://id.602.cz). Log in, go to the tab Certificates > Service certificates and upload the public part of the certificate, a .cer file. You may have more than one service certificate.

The company details entered in the 602ID account are used in the subject field of the issued certificate. The 602ID account must also be a main account.
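
As an added example (not FormFlow or Software602 code), the following Python script inspects the PEM file produced by the conversion above before anything is uploaded: it confirms that the file holds both a certificate and a private key, counts passphrase-encrypted keys (the command passes both -nodes, which writes the key unencrypted, and -des3, which encrypts it with triple DES), and extracts the certificate alone for the .cer upload. The function names and the sample input are constructed for illustration, and DER encoding of the .cer file is an assumption.

```python
import base64
import re

# One PEM block. Text between blocks, such as the "Bag Attributes" lines
# written by openssl pkcs12, is ignored.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_pem(text):
    """Collect DER certificates and count plain/encrypted private keys."""
    found = {"certs": [], "keys": 0, "encrypted_keys": 0}
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            found["certs"].append(base64.b64decode("".join(body.split())))
        elif label.endswith("PRIVATE KEY"):
            found["keys"] += 1
            # PKCS#8 has a dedicated label; the traditional format marks
            # encryption with a Proc-Type header inside the block.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                found["encrypted_keys"] += 1
    return found

def access_pem_problems(text):
    """Reasons the file is not 'a certificate file with a private key'."""
    found = inspect_pem(text)
    problems = []
    if not found["certs"]:
        problems.append("no certificate")
    if not found["keys"]:
        problems.append("no private key")
    return problems

def public_part_der(text):
    """DER bytes of the certificate alone; key blocks are never copied."""
    certs = inspect_pem(text)["certs"]
    if len(certs) != 1:
        # A PFX that carries its CA chain yields several certificates;
        # choosing among them is left to the operator.
        raise ValueError(f"expected 1 certificate, found {len(certs)}")
    return certs[0]

def pem_block(label, payload, headers=""):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed sample: placeholder bytes, not a real certificate or key.
SAMPLE_PEM = ("Bag Attributes\n    friendlyName: constructed\n"
              + pem_block("CERTIFICATE", b"constructed-certificate")
              + "Bag Attributes\n"
              + pem_block("ENCRYPTED PRIVATE KEY", b"constructed-key"))
```

Run access_pem_problems() on the contents of certificate.pem before entering it in FormFlow, and write the bytes returned by public_part_der() to the .cer file so that no private key material reaches the portal.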

Creating a process folder for the Internal CA in FormFlow

Open the window at ADMINISTRATION > Processes > Process Management. In the list of folders on the left, click Home, go to the tab Create subfolder and enter the name “Internal CA”. Click Create subfolder to confirm.

Installing the form for the certificate issue process

The form is used to issue a certificate from an unqualified Internal certification authority, Software602 a.s.

Insert the form as a workflow form:

  • Go to ADMINISTRATION > Processes > Process Management > Form Templates and click Create a form template.

  • Enter the form code and name.

  • Select the file FF-CreateCert.zfo. You will find the form file in the distribution package at

    FFS-10.2.x.0_2018-11-12_13.21.18_source_php-7-2.zip\docs\interni_ca\forms\
  • Click Create form.

You are now managing the created form template. This is a workflow form. Go to the section Form > Document Flow and add two signing steps:

  • Signing step 1:

    • Add one rule.

    • Configure this rule by going to the Final recipients tab and checking the following boxes in the form author row:

      • For approved form

      • For approved form is default

      • For rejected form

      • For rejected form is default.

  • Signing step 2:

    • Add one rule.

    • Configure this rule by selecting a user or group who will approve the end user certificate and checking the following options for them:

      • Is recipient

      • Is default recipient.

  • Now you can release the form. The Release button is located in the branch Form > Versions > Version 1 > Release.

  • Select a folder where the released form will be available to fill in. Visit ADMINISTRATION > Processes > Processes, click the process folder Internal CA and then, on the right, click Templates. Find the released form Certificate in the list and set its visibility and availability in the GUI.

  • Introduce the form as an ESS configuration:

    • Visit ADMINISTRATION > Records management > Configuration > ERMS Forms and click Add configuration.

    • Select a form, enter CAFORM as the type and click Save.

Installing the form for checking certificate details

The form is used to get information on issued certificates and allows revocation of issued certificates.

Insert the form as a collection form:

  • Open ADMINISTRATION > Processes > Process Management > Templates and click Create a form template.

  • Enter the form code and name.

  • Select the file FF-SearchCert.zfo. You will find the form file in the distribution package at

    FFS-10.2.x.0_2018-11-12_13.21.18_source_php-7-1.zip\docs\interni_ca\forms\
  • Click Create form.

  • Now you can release the form. Go to the branch Form > Versions > Version 1 > Release and click Release.

  • Select a folder where the released form will be available to fill in. In the window ADMINISTRATION > Processes > Processes, click the process folder Internal CA and then, on the right, select the Templates tab. Look up the released form FFS-SearchCert and set its visibility and availability in the GUI.

Revocation administration tab

The administration tab where you can revoke certificates is displayed as the second tab at ADMINISTRATION > Application settings > Internal certification authority. The tab is only displayed to users who are members of the administrator group. They can download an issued certificate in the DER format and then revoke this issued certificate.
